Whitespace cleanup to get in sync with AniNIX/Uniglot hooks
4
.gitignore
vendored
@ -3,7 +3,9 @@ roles/Nazara/files/dns
|
||||
roles/Nazara/files/dhcp
|
||||
roles/Node/files/vm-definitions/**
|
||||
roles/ShadowArch/files/mirrorlist
|
||||
venv/
|
||||
roles/Foundation/files/custom/public/img/**
|
||||
venv/**
|
||||
**/pkg/**
|
||||
**pkg.tar.zst
|
||||
|
||||
# ---> Python
|
||||
|
@ -38,7 +38,7 @@ all:
|
||||
static: true
|
||||
sslidentity: aninix.net-0001
|
||||
secdetection: true
|
||||
iptv_location: Milwaukee
|
||||
iptv_location: "Milwaukee|Madison"
|
||||
Node0:
|
||||
ipinterface: enp1s0f0
|
||||
ip: 10.0.1.4
|
||||
@ -147,7 +147,7 @@ all:
|
||||
cores: 2
|
||||
memory: 2
|
||||
bridge: br0
|
||||
vnc: 6
|
||||
vnc: 10
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test1.qcow2'
|
||||
test2:
|
||||
@ -157,7 +157,7 @@ all:
|
||||
cores: 2
|
||||
memory: 2
|
||||
bridge: br0
|
||||
vnc: 5
|
||||
vnc: 11
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test2.qcow2'
|
||||
test3:
|
||||
@ -167,7 +167,7 @@ all:
|
||||
cores: 2
|
||||
memory: 2
|
||||
bridge: br0
|
||||
vnc: 4
|
||||
vnc: 12
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test3.qcow2'
|
||||
appliances:
|
||||
@ -183,7 +183,7 @@ all:
|
||||
mac: 70:74:14:4F:8E:42
|
||||
Games:
|
||||
ip: 10.0.1.66
|
||||
mac: 00:1F:BC:10:1C:F8
|
||||
mac: E0:BE:03:77:0E:88
|
||||
Print:
|
||||
ip: 10.0.1.67
|
||||
mac: 00:80:92:77:CE:E4
|
||||
@ -201,7 +201,7 @@ all:
|
||||
mac: 80:D2:1D:17:63:10
|
||||
Tachikoma:
|
||||
ip: 10.0.1.72
|
||||
mac: B8:76:3F:70:DB:C1
|
||||
mac: 90:0f:0c:1a:d3:23
|
||||
Dedsec:
|
||||
ip: 10.0.1.73
|
||||
mac: 34:F6:4B:36:12:8F
|
||||
|
@ -12,7 +12,7 @@
|
||||
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
|
||||
# Also set ANSIBLE_VAULT_PASSWORD_FILE to your password file location if you want it.
|
||||
#
|
||||
- hosts: "{{ targets | default('all') }}"
|
||||
- hosts: "{{ targets | default('managed') }}"
|
||||
order: sorted
|
||||
serial: "{{ threads | default('8') }}"
|
||||
gather_facts: true
|
||||
|
@ -1,19 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
cd ~/src/Ubiqtorate/roles
|
||||
|
||||
if [ -n "$(git status | grep roles &>/dev/null)" ]; then
|
||||
echo There are roles that are not committed yet.
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
unset bad
|
||||
for i in `ls -1`; do
|
||||
if ! grep "$i" ../playbooks/deploy.yml &>/dev/null; then
|
||||
echo "$i is not used in playbooks/deploy.yml"
|
||||
bad="1"
|
||||
fi
|
||||
done
|
||||
if [ -n "$bad" ]; then
|
||||
exit 1;
|
||||
fi
|
10
precommit-hooks/find-large-files
Normal file
@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Limit files in git to 1M.
|
||||
find . -type f -exec du -k {} \; | egrep -v '^[[:digit:]]?[[:digit:]]?[[:digit:]][[:space:]]|\s./.git/'
|
||||
|
||||
if [ $? -ne 1 ]; then
|
||||
echo
|
||||
echo "These files are probably larger than you want to commit to Git. Please try to find an alternate delivery path, such as a CDN or Git-LFS."
|
||||
exit 1;
|
||||
fi
|
14
precommit-hooks/find-missing-customizations
Normal file
@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
retcode=0
|
||||
for host in `ansible -i "examples/msn0.yml" --list-hosts managed | grep -v ' hosts '`; do
|
||||
if [ ! -f roles/ShadowArch/files/motd/"$host" ]; then
|
||||
echo "Need MOTD for $host"
|
||||
retcode=1;
|
||||
fi
|
||||
if [ ! -f roles/Sharingan/files/monit/hostdefs/"$host" ]; then
|
||||
echo "Need Sharingan-Data file for $host"
|
||||
retcode=1;
|
||||
fi
|
||||
done
|
||||
exit $retcode
|
28
precommit-hooks/find-passwords-in-files
Normal file
@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Ignore Ansibilized templates.
|
||||
saferegex='\s+}}"?\s*$'
|
||||
# Ignore comments
|
||||
saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//'
|
||||
# Ignore binary file matches.
|
||||
saferegex="$saferegex"'|binary\ file\ matches'
|
||||
# AniNIX Constructs
|
||||
saferegex="$saferegex"'|password.aninix.net|aur.list'
|
||||
# Web constructs
|
||||
saferegex="$saferegex"'|.css:|.html:|.md:|htdocs|htpasswd'
|
||||
# Ignore template text to set policy
|
||||
saferegex="$saferegex"'|_LENGTH|Set new|attempt|pwdchange'
|
||||
# haveibeenpwned is referenced in comments
|
||||
saferegex="$saferegex"'|haveibeenpwned'
|
||||
# Unset variables.
|
||||
saferegex="$saferegex"'|\s+=\s*$|\s+yes$|\s+no$'
|
||||
# Ignore LDAP attributes
|
||||
saferegex="$saferegex"'|pwpolicies|pwdLastSuccess|pwdAttribute|pwdMaxAge|pwdExpireWarning|pwdInHistory|pwdCheckQuality|pwdMaxFailure|pwdLockout|pwdLockoutDuration|pwdGraceAuthNLimit|pwdFailureCountInterval|pwdMustChange|pwdMinLength|pwdAllowUserChange|pwdSafeModify|pwdChangedTime|pwdPolicy|last changed their password on|/root/.ldappass'
|
||||
|
||||
egrep -ir 'secret|password|pw|passphrase' roles/*/{files,templates} 2>&1 | egrep -v "$saferegex"
|
||||
if [ $? -ne 1 ]; then
|
||||
echo
|
||||
echo If these are false positives, you need to add the signature to the whitelist in $0.
|
||||
echo Otherwise, convert any files above to templates and encode the passphrase into your vault.
|
||||
exit 1;
|
||||
fi
|
@ -26,3 +26,9 @@
|
||||
- debug:
|
||||
msg: "Remember to use the nordvpn-bin command to set up your account."
|
||||
|
||||
|
||||
# TODO Add yaml for OVPN file, user, pass to Vault
|
||||
# TODO Enforce vpn.service on server instead of nordvpnd.
|
||||
# TODO Add /etc/bashrc.d file for `alias torlynx='torsocks elinks https://check.torproject.org/'`
|
||||
# TODO Add monit checks for tor and openvpn services
|
||||
# TODO Shift deluged to WolfPack
|
||||
|
8
roles/DedSec/tasks/main.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
# Consider https://blackarch.org/blackarch-guide-en.pdf
|
||||
- name: Install DedSec packages
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- tcpdump
|
||||
- wireshark
|
@ -1,7 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -x
|
||||
|
||||
URI=https://aninix.net/assets/css/theme-arc-green.css
|
||||
|
||||
# Gitea arc-green palette
|
||||
|
Before Width: | Height: | Size: 7.2 KiB |
Before Width: | Height: | Size: 7.2 KiB |
@ -1 +0,0 @@
|
||||
AniNIX.png
|
@ -1 +0,0 @@
|
||||
AniNIX.png
|
@ -1 +0,0 @@
|
||||
AniNIX.png
|
@ -1 +0,0 @@
|
||||
AniNIX.png
|
@ -1 +0,0 @@
|
||||
/srv/yggdrasil/Pictures/AniNIX/Icons/
|
Before Width: | Height: | Size: 113 KiB |
Before Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 614 B |
Before Width: | Height: | Size: 170 KiB |
Before Width: | Height: | Size: 21 KiB |
Before Width: | Height: | Size: 657 B |
Before Width: | Height: | Size: 439 B |
Before Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 44 KiB |
Before Width: | Height: | Size: 42 KiB |
Before Width: | Height: | Size: 64 KiB |
Before Width: | Height: | Size: 9.7 KiB |
Before Width: | Height: | Size: 42 KiB |
Before Width: | Height: | Size: 342 KiB |
@ -17,7 +17,7 @@
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src='/assets/img/icons/FoundationIcon.png'/>
|
||||
<a href="/user/login?redirect_to=%2fAniNIX_Martial_Arts">Open-source</a>
|
||||
<a href="/mawiki">Open-source</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
We want your training with our system to become a part of your life. This means that we provide access to a revision-controlled copy of our notes that all our students can download, keep, and contribute to. We're tired of the old era where how the system works is kept hidden from students and piecemealed out as a marketing ploy -- we want to be as trasparent as possible in how our program and our martial art function. Transparency keeps our instructors honest and our students engaged -- this means a better martial arts experience for everyone.
|
||||
|
@ -13,7 +13,7 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="sixteen wide center column" >
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src='/img/icons/CoreIcon.png'/>
|
||||
<img width=20px height=20px src='/assets/img/icons/CoreIcon.png'/>
|
||||
Cybersecurity Consulting
|
||||
</h1>
|
||||
<p class="large">The AniNIX offers cybersecurity consulting and advice services on a limited basis. We bill at $20 an hour -- please select your need below after negotiating with an admin.</p>
|
||||
@ -91,5 +91,17 @@
|
||||
<! -- END STRIPE CODE -->
|
||||
</p>
|
||||
</div>
|
||||
<hr style="margin-top: 50px;" />
|
||||
</div>
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="sixteen wide center column" >
|
||||
<hr style="margin-top: 50px;" />
|
||||
<h2>Donate</h2>
|
||||
<p>If you like what we do, you can also donate on one of these platforms:</p>
|
||||
<ul style="width:500px;text-align: left;margin:auto;">
|
||||
<li><a href="https://store.steampowered.com/wishlist/id/darkfeather664/#sort=order">Steam (games)</a></li>
|
||||
<li><a href="https://www.amazon.com/hz/wishlist/ls/3CORZU03RNWST?ref_=wl_share">Amazon (hardware)</a></li>
|
||||
<li>BTC 38Nd3SgytdvSmcX3gfHeNAE2B6aPyYbS7s</li>
|
||||
<li>Coinbase USDC 0x21a05e628Ed622F7594f62Ea3C764bAEF7fE3Bf3</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -1,7 +1,7 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<div>
|
||||
<img class="logo" src="/img/icons/CoreIcon.png" />
|
||||
<img class="logo" src="/assets/img/icons/CoreIcon.png" />
|
||||
</div>
|
||||
<div class="hero">
|
||||
<h2 class="ui icon header title">
|
||||
|
10
roles/Games/tasks/main.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
|
||||
- name: Install Games packages
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- mgba-qt
|
||||
- steam
|
||||
- steam-native-runtime
|
||||
- discord
|
29
roles/IRC-Bots/tasks/main.yml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
|
||||
- user:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
shell: "{{ daemon_shell | default('/sbin/nologin') }}"
|
||||
local: yes
|
||||
groups: ircd
|
||||
loop:
|
||||
- bitbot
|
||||
- dsbridge
|
||||
- theraven
|
||||
- werewolf
|
||||
|
||||
# Install TheRaven package
|
||||
- package:
|
||||
name:
|
||||
- TheRaven
|
||||
|
||||
- git:
|
||||
repo: 'https://github.com/jesopo/bitbot.git'
|
||||
dest: /usr/local/src/bitbot/
|
||||
clone: yes
|
||||
update: yes
|
||||
|
||||
- git:
|
||||
repo:
|
||||
|
||||
-
|
10
roles/Maat/tasks/main.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
- name: Sharingan packages
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- openvas
|
||||
- greenbone-security-assistant
|
||||
- elasticsearch6
|
||||
- mongodb
|
||||
- graylog
|
@ -1,23 +1,21 @@
|
||||
---
|
||||
|
||||
- name: SSH
|
||||
- name: SSH (ArchLinux)
|
||||
become: yes
|
||||
when: ansible_os_family == "Archlinux"
|
||||
package:
|
||||
state: present
|
||||
name:
|
||||
- bash
|
||||
- sudo
|
||||
- openssh
|
||||
|
||||
- name: SSH Config
|
||||
- name: SSH (Raspbian)
|
||||
become: yes
|
||||
copy:
|
||||
src: ssh_config
|
||||
dest: /etc/ssh/ssh_config
|
||||
|
||||
- name: SSHD Config
|
||||
become: yes
|
||||
copy:
|
||||
src: sshd_config
|
||||
dest: /etc/ssh/sshd_config
|
||||
when: ansible_os_family == "Debian"
|
||||
package:
|
||||
state: present
|
||||
name:
|
||||
- openssh-server
|
||||
- openssh-client
|
||||
|
||||
- name: Mark SSH keys as immutable
|
||||
become: yes
|
||||
@ -46,3 +44,38 @@
|
||||
name: "{{ ansible_user_id }}"
|
||||
groups: ssh-allow
|
||||
append: yes
|
||||
|
||||
- name: Copy the SSH key
|
||||
authorized_key:
|
||||
user: "{{ ansible_user_id }}"
|
||||
state: present
|
||||
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/deploy.pub') }}"
|
||||
|
||||
- name: SSH Config
|
||||
become: yes
|
||||
copy:
|
||||
src: ssh_config
|
||||
dest: /etc/ssh/ssh_config
|
||||
|
||||
- name: SSHD Config
|
||||
become: yes
|
||||
register: sshd_config
|
||||
copy:
|
||||
src: sshd_config
|
||||
dest: /etc/ssh/sshd_config
|
||||
|
||||
- name: Restart SSHD (ArchLinux)
|
||||
become: yes
|
||||
when: ansible_os_family == "Archlinux" and sshd_config.changed
|
||||
service:
|
||||
name: sshd
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Restart SSHD (Raspbian)
|
||||
become: yes
|
||||
when: ansible_os_family == "Debian" and sshd_config.changed
|
||||
service:
|
||||
name: ssh
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
10
roles/ShadowArch/files/bashrc
Normal file
@ -0,0 +1,10 @@
|
||||
#
|
||||
# /etc/bash.bashrc
|
||||
#
|
||||
|
||||
# If not running interactively, don't do anything
|
||||
[[ $- != *i* ]] && return
|
||||
|
||||
[[ $DISPLAY ]] && shopt -s checkwinsize
|
||||
|
||||
[ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion
|
32
roles/ShadowArch/files/vimrc
Normal file
@ -0,0 +1,32 @@
|
||||
" All system-wide defaults are set in $VIMRUNTIME/archlinux.vim (usually just
|
||||
" /usr/share/vim/vimfiles/archlinux.vim) and sourced by the call to :runtime
|
||||
" you can find below. If you wish to change any of those settings, you should
|
||||
" do it in this file (/etc/vimrc), since archlinux.vim will be overwritten
|
||||
" everytime an upgrade of the vim packages is performed. It is recommended to
|
||||
" make changes after sourcing archlinux.vim since it alters the value of the
|
||||
" 'compatible' option.
|
||||
|
||||
" This line should not be removed as it ensures that various options are
|
||||
" properly set to work with the Vim-related packages.
|
||||
runtime! archlinux.vim
|
||||
|
||||
" If you prefer the old-style vim functionalty, add 'runtime! vimrc_example.vim'
|
||||
" Or better yet, read /usr/share/vim/vim74/vimrc_example.vim or the vim manual
|
||||
" and configure vim to your own liking!
|
||||
syntax on
|
||||
filetype on
|
||||
" Support CSharp files like Java
|
||||
au BufNewFile,BufRead *.csharp set filetype=java
|
||||
au BufNewFile,BufRead *.cs set filetype=java
|
||||
set number
|
||||
set mouse-=a
|
||||
colorscheme desert
|
||||
|
||||
" This establishes the indenting policy.
|
||||
filetype plugin indent on
|
||||
" show existing tab with 4 spaces width
|
||||
set tabstop=4
|
||||
" when indenting with '>', use 4 spaces width
|
||||
set shiftwidth=4
|
||||
" On pressing tab, insert 4 spaces
|
||||
set expandtab
|
37
roles/ShadowArch/tasks/bash.yml
Normal file
@ -0,0 +1,37 @@
|
||||
|
||||
|
||||
- name: Set Bash MOTD
|
||||
become: yes
|
||||
copy:
|
||||
src: "motd/{{ inventory_hostname }}"
|
||||
dest: /etc/bash.motd
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Nullify overall MOTD
|
||||
become: yes
|
||||
copy:
|
||||
src: /dev/null
|
||||
dest: /etc/motd
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Bashrc
|
||||
become: yes
|
||||
copy:
|
||||
src: bashrc
|
||||
dest: /etc/bashrc
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: vimrc
|
||||
become: yes
|
||||
copy:
|
||||
src: vimrc
|
||||
dest: /etc/vimrc
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
@ -58,10 +58,14 @@
|
||||
ignore_errors: yes
|
||||
register: root_password_test
|
||||
vars:
|
||||
ansible_become_user: "{{ item }}"
|
||||
ansible_become_method: su
|
||||
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||
become: yes
|
||||
command: id
|
||||
loop:
|
||||
- root
|
||||
- "{{ ansible_user_id }}"
|
||||
|
||||
- name: Define passwords
|
||||
vars:
|
||||
@ -70,7 +74,7 @@
|
||||
become: yes
|
||||
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
||||
command:
|
||||
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ passwords[inventory_hostname] }}' '{{ passwords[inventory_hostname] }}' | passwd {{ item }}"
|
||||
cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}"
|
||||
loop:
|
||||
- root
|
||||
- "{{ ansible_user_id }}"
|
||||
@ -163,24 +167,6 @@
|
||||
hostname:
|
||||
name: "{{ inventory_hostname }}.{{ replica_domain }}"
|
||||
|
||||
- name: Set Bash MOTD
|
||||
become: yes
|
||||
copy:
|
||||
src: "motd/{{ inventory_hostname }}"
|
||||
dest: /etc/bash.motd
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Nullify overall MOTD
|
||||
become: yes
|
||||
copy:
|
||||
src: /dev/null
|
||||
dest: /etc/motd
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- include: archlinux-network.yml
|
||||
when: ansible_os_family == "Archlinux"
|
||||
|
||||
@ -190,3 +176,5 @@
|
||||
- include: dns.yml
|
||||
|
||||
- include: ntp.yml
|
||||
|
||||
- include: bash.yml
|
||||
|
@ -7,7 +7,7 @@
|
||||
## performed should a test fail.
|
||||
check system $HOST
|
||||
if loadavg (1min) per core > 2 for 25 times within 30 cycles then exec "/etc/monit.d/scripts/critical Load average is high"
|
||||
if memory usage > 75% for 8 times within 10 cycles then exec "/etc/monit.d/scripts/critical Memory is overused."
|
||||
if memory usage > 90% for 8 times within 10 cycles then exec "/etc/monit.d/scripts/critical Memory is overused."
|
||||
if swap usage > 25% for 8 times within 10 cycles then exec "/etc/monit.d/scripts/critical Swap is overused."
|
||||
group system
|
||||
#
|
||||
|
2
roles/Sharingan/files/monit/checks/warrant-canary
Normal file
@ -0,0 +1,2 @@
|
||||
check program warrant_canary with path "/etc/monit.d/scripts/check-warrant-canary"
|
||||
if status != 0 then exec "/etc/monit.d/scripts/critical Warrant Canary needs to be updated"
|
@ -1 +1,2 @@
|
||||
include "/etc/monit.d/checks/system"
|
||||
include "/etc/monit.d/checks/warrant-canary"
|
||||
|
27
roles/Sharingan/files/monit/scripts/check-warrant-canary
Executable file
@ -0,0 +1,27 @@
|
||||
#!/bin/bash
|
||||
|
||||
daysinadvance=14
|
||||
url=https://aninix.net/AniNIX/WarrantCanary/raw/branch/main/canary
|
||||
|
||||
# ID the update expected date
|
||||
canarydate="$(curl -s "$url" | grep -A 1 'next two updates' | tail -n 1 | sed 's/^..//' )"
|
||||
if [ -z "$canarydate" ]; then
|
||||
echo "Cannot identify the canary's next time."
|
||||
exit 2
|
||||
fi
|
||||
epochcanarydate="$(date -d "$canarydate" +%s)"
|
||||
|
||||
# Remove a one-month padding
|
||||
updatecanarydate=$(( $epochcanarydate - 2592000 ))
|
||||
|
||||
# ID today
|
||||
today="$(date +%s)"
|
||||
|
||||
|
||||
if [[ $today -gt $updatecanarydate ]]; then
|
||||
echo Time to reseed the warrant canary.
|
||||
exit 2
|
||||
else
|
||||
echo Warrant canary seems to have the right time.
|
||||
exit 0
|
||||
fi
|
@ -153,7 +153,8 @@ set log syslog
|
||||
set httpd port 2812 and
|
||||
use address localhost # only accept connection from localhost (drop if you use M/Monit)
|
||||
allow localhost # allow localhost to connect to the server and
|
||||
allow admin:"{{ monitcli | default('monit') }}" # require user 'admin' with password 'monit'
|
||||
# require user 'admin' with password
|
||||
allow admin:"{{ secrets[Sharingan][monit] | default('monit') }}"
|
||||
#with ssl { # enable SSL/TLS and set path to server certificate
|
||||
# pemfile: /etc/ssl/certs/monit.pem
|
||||
#}
|
||||
|
47
roles/Tachikoma/tasks/main.yml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
|
||||
- name: Install Tachikoma packages
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- wifi-menu
|
||||
- weechat
|
||||
- elinks
|
||||
- conky
|
||||
- xfce4
|
||||
- xfce4-goodies
|
||||
- xfce4-screenshooter
|
||||
- xscreensaver
|
||||
- libreoffice-still
|
||||
- hunspell
|
||||
- hunspell-en_us
|
||||
- google-chrome
|
||||
- keepassxc
|
||||
- sshfs
|
||||
- vlc
|
||||
- cups
|
||||
- brother-mfc-j430w
|
||||
- brscan4
|
||||
- xsane
|
||||
- mtpfs
|
||||
- libmtp
|
||||
- alsamixer
|
||||
|
||||
- name: Remove deprecated packages
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- chromium
|
||||
- keepassx
|
||||
- kpcli
|
||||
- irssi
|
||||
- lynx
|
||||
|
||||
- name: Enable services
|
||||
become: yes
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: running
|
||||
enabled: yes
|
||||
with:
|
||||
- cups.service
|
@ -1,25 +1,25 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name default_server;
|
||||
include sec.conf;
|
||||
include letsencrypt.conf;
|
||||
include default.csp.conf;
|
||||
rewrite ^/(.*)$ https://aninix.net/$1 permanent;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name aninix.net;
|
||||
|
||||
include sec.conf;
|
||||
include letsencrypt.conf;
|
||||
include default.csp.conf;
|
||||
|
||||
location /
|
||||
{
|
||||
rewrite ^/martialarts(\/*)$ /assets/martialarts/index.html;
|
||||
rewrite /shadowarch /AniNIX/ShadowArch/raw/branch/main/EtcFiles/shadowarch
|
||||
location / {
|
||||
|
||||
rewrite ^/martialarts(\/)*(\/index.html)*$ /assets/martialarts/index.html;
|
||||
|
||||
location /aninix.xml {
|
||||
proxy_hide_header Content-Type;
|
||||
add_header content-type "application/atom+xml";
|
||||
rewrite /aninix.xml /AniNIX/Wiki/raw/branch/main/rss/aninix.xml;
|
||||
}
|
||||
location /martialarts/maqotw.xml {
|
||||
proxy_hide_header Content-Type;
|
||||
add_header content-type "application/atom+xml";
|
||||
rewrite /martialarts/maqotw.xml /AniNIX/Wiki/raw/branch/main/rss/maqotw.xml;
|
||||
}
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
@ -27,8 +27,19 @@ server {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
}
|
||||
|
||||
location /whatismyip
|
||||
{
|
||||
location /aninix.xml {
|
||||
proxy_hide_header Content-Type;
|
||||
add_header content-type "application/atom+xml";
|
||||
rewrite /aninix.xml /AniNIX/Wiki/raw/branch/main/rss/aninix.xml;
|
||||
}
|
||||
|
||||
location /martialarts/maqotw.xml {
|
||||
proxy_hide_header Content-Type;
|
||||
add_header content-type "application/atom+xml";
|
||||
rewrite /martialarts/maqotw.xml /AniNIX/Wiki/raw/branch/main/rss/maqotw.xml;
|
||||
}
|
||||
|
||||
location /whatismyip {
|
||||
include ../conf.d/fastcgi.config;
|
||||
root /usr/share/webapps/aninix/;
|
||||
location ~* whatismyip {
|
||||
@ -36,12 +47,10 @@ server {
|
||||
expires max;
|
||||
}
|
||||
}
|
||||
location /blackpage
|
||||
{
|
||||
|
||||
location /blackpage {
|
||||
root /usr/share/webapps/aninix/;
|
||||
try_files $uri /blackpage.html;
|
||||
}
|
||||
|
||||
include letsencrypt.conf;
|
||||
|
||||
}
|
||||
|
@ -32,13 +32,13 @@ server {
|
||||
# deny access to . files, for security
|
||||
#
|
||||
location ~ /\.\. {
|
||||
log_not_found off;
|
||||
deny all;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /scripts {
|
||||
log_not_found off;
|
||||
deny all;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
||||
}
|
||||
|
25
roles/WolfPack/tasks/main.yml
Normal file
@ -0,0 +1,25 @@
|
||||
---
|
||||
|
||||
- name: Packages
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- wolfpack
|
||||
|
||||
- name: Config
|
||||
become: yes
|
||||
copy:
|
||||
src: "{{ inventory_hostname }}"
|
||||
dest: /usr/local/etc/WolfPack
|
||||
|
||||
- name: Timer
|
||||
become: yes
|
||||
systemd:
|
||||
name: "{{ wolfpack_service | default('wolfpack.timer') }}"
|
||||
state: started
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
||||
# TODO Add sshfs and mountpoint for Darknet
|
||||
# TODO Add config folders and restart daemon on change
|
||||
# TODO Deprecate offload-wolfpack for Deluge move to sshfs
|
@ -24,7 +24,7 @@
|
||||
- /srv/yggdrasil/Software
|
||||
|
||||
- name: LiveTV channels
|
||||
command: /bin/bash -c "curl -s https://raw.githubusercontent.com/iptv-org/iptv/master/streams/us.m3u | egrep -A 1 {{ iptv_location }} 2>&1 | egrep -v '^--$'"
|
||||
command: /bin/bash -c "curl -s https://raw.githubusercontent.com/iptv-org/iptv/master/streams/us.m3u | egrep -A 1 '{{ iptv_location }}' 2>&1 | egrep -v '^--$'"
|
||||
register: livetv_channels
|
||||
|
||||
- name: Write to file
|
||||
|
5
roles/common/tasks/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- debug:
|
||||
msg: Importing common handlers.
|
||||
|
||||
### DO NOT CHANGE THIS FILE
|
@ -1,7 +0,0 @@
|
||||
import os
|
||||
import re
|
||||
import pytest
|
||||
from modules import netdetect
|
||||
|
||||
def test_netdetect_usage():
|
||||
assert True
|